The threat actors behind the Vidar malware have made changes to their backend infrastructure, indicating attempts to retool and conceal their online trail in response to public disclosures about their modus operandi. “Vidar threat actors continue to rotate their backend IP infrastructure, favoring providers in Moldova and Russia,” cybersecurity company Team Cymru said in a new analysis shared